Use the Cisco Security Agent on the Web Servers, especially those in the DMZ.

•Installing the Cisco Security Agent in the How to Install the Cisco Unified MeetingPlace Web Conferencing Server module of the Installation, Upgrade, and Migration Guide for Cisco Unified MeetingPlace

Use McAfee VirusScan Enterprise on the Web Servers, especially those in the DMZ.

Using Cisco Security Agent (CSA) on the Application Server

The Cisco Security Agent (CSA) is an application that provides system and data security and allows you to monitor the activities on your system. The CSA is automatically installed on the Application Server with Cisco Unified MeetingPlace and requires no configuration. The red flag at the bottom-right corner of the screen indicates that CSA is running and active on your system.

The CSA consists of a set of rules that govern which users and applications can alter or query critical file systems. It also provides security on ports to minimize unauthorized system logins for malicious purposes. The CSA logs violations of any of the security rules. You may peruse the log periodically to determine what attempted activities were blocked.

Restrictions

Because the CSA application that is included with Cisco Unified MeetingPlace is a standalone version:

Limiting the Number of Failed User Login Attempts

You can configure the number of times in a session that an end user can fail to log in to Cisco Unified MeetingPlace before the user profile becomes "locked." Users with locked user profiles cannot log in.

Restrictions

•The preconfigured system administrator profile cannot be locked.

•Before reaching the maximum number of login attempts, the user may restart the counter for failed login attempts by:

–Closing the browser and opening a new one to continue the login attempts.

–Ending the call to Cisco Unified MeetingPlace and making a new call to continue the login attempts.

Restricting Access to Scheduled Meetings

You can restrict uninvited and unprofiled users from attending meetings that are scheduled by some or all users.

Remember, however, that if meeting attendance is restricted to profiled users, then unprofiled external users (such as your customers or business partners) and users with locked profiles cannot attend meetings, even if they are invited.

Procedure

Step 1 Log in to the Administration Center.

Step 2 Select User Configuration.

Step 3 Select User Groups or User Profiles, depending on whether you want to configure a user group or an individual user profile.

Step 4 Select Edit or Add New, depending on whether you want to configure an existing or a new user group or user profile.

Restricting Access to Recordings and Attachments

You can restrict unprofiled users from accessing recordings and attachments for meetings that are scheduled by some or all users. Remember, however, that if access to recordings is restricted to profiled users, then unprofiled external users (such as your customers or business partners) and users with locked profiles cannot access the recordings, even if they were invited to and attended the meetings.

Procedure

Step 1 Log in to the Administration Center.

Step 2 Select User Configuration.

Step 3 Select User Groups or User Profiles, depending on whether you want to configure a user group or an individual user profile.

Step 4 Select Edit or Add New, depending on whether you want to configure an existing or a new user group or user profile.

Restricting the Use of Vanity Meeting IDs

By default, Cisco Unified MeetingPlace allows the meeting scheduler to request a specific meeting ID, such as one that is easy to remember (12345) or one that spells a word (24726 or CISCO). If, however, an uninvited person knows one of the phone numbers for your Cisco Unified MeetingPlace system, that person can easily guess a popular meeting ID and join a meeting that he is not authorized to attend.

You can prevent unauthorized meeting attendance by disabling the ability to request a vanity meeting ID when scheduling a meeting. Instead, a unique, randomly generated ID is assigned to every scheduled meeting. Users cannot change the assigned meeting IDs.

Limiting the Number of Attempted Dial-Out Calls From Voice Meetings

To prevent toll fraud, you can specify the maximum number of dial-out calls that each user can try to make from within a meeting.

Restriction

This procedure affects only the dial-out calls that the user attempts by pressing #31 from the telephone user interface (TUI). You cannot limit the number of dial-out calls that are attempted from the web meeting room.